[
https://issues.apache.org/jira/browse/MGPG-112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17827422#comment-17827422
]
Harald Kuhr commented on MGPG-112:
----------------------------------
Thanks! Great work, both on the plugin in general and locating and resolving
the issue quickly!
I'll try upgrading to 3.2.1 as soon as it's available. But as my setup is very
similar to SQLite JDBC (mentioned in MGPG-90), do you recommend switching to
the new Bouncy Castle signer for usage in GitHub Actions?
> Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing
> failed: No pinentry"
> ---------------------------------------------------------------------------------------------
>
> Key: MGPG-112
> URL: https://issues.apache.org/jira/browse/MGPG-112
> Project: Maven GPG Plugin
> Issue Type: Bug
> Affects Versions: 3.2.0
> Environment: GitHub actions, using ubuntu-22.04 (Ubuntu 22.04 LTS)
> image. Full details can be found in the linked logs in Description.
> Reporter: Harald Kuhr
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 3.2.1
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.20, the Deploy step of my
> projects CI failed with the message "gpg: signing failed: No pinentry".
>
> After upgrade to 3.2.0, the deploy step fails the build, while the relevant
> part of the log says:
>
> {noformat}
> [INFO] --- maven-gpg-plugin:3.2.0:sign (sign-artifacts) @ twelvemonkeys ---
> [INFO] Signer 'gpg' is signing 2 files
> gpg: signing failed: No pinentry
> gpg: signing failed: No pinentry
> ...
> Error: Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:3.2.0:sign (sign-artifacts) on
> project twelvemonkeys: Exit code: 2 -> [Help 1]{noformat}
>
> After reverting to the working 3.1.0, build and deploy succeeds, the relevant
> part of the log says:
>
> {noformat}
> [INFO] --- maven-gpg-plugin:3.1.0:sign (sign-artifacts) @ twelvemonkeys ---
> [INFO] Signing 2 files with default secret key.
> ...
> [INFO] BUILD SUCCESS
> {noformat}
>
> Is this an expected/intended behavior with the 3.2.0 release, and does the
> plugin need additional/different configuration? If this is the case, can you
> provide suggestions or workarounds to get the signing working again?
> As this is a minor version change, I suspect this is a bug/regression and not
> intended. I don't find anything in the release notes suggesting a
> configuration change is required.
> Plugin configuration (private key and passphrase is passed using GHA secrets):
>
> {noformat}
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-gpg-plugin</artifactId>
> <version>3.1.0</version> <!-- fails with 3.2.0 -->
> <configuration>
> <!-- Prevent gpg from using pinentry programs -->
> <gpgArguments>
> <arg>--pinentry-mode</arg>
> <arg>loopback</arg>
> </gpgArguments>
> </configuration>
> <executions>
> <execution>
> <id>sign-artifacts</id>
> <phase>verify</phase>
> <goals>
> <goal>sign</goal>
> </goals>
> </execution>
> </executions>
> </plugin>{noformat}
>
> Full POM for the build:
> [https://github.com/haraldk/TwelveMonkeys/blob/878d6217d8538f05205c092c7230c8db6727d058/pom.xml]
>
> Full logs from broken build (Dependabot PR bump 3.1.0 to 3.2.0):
> [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230467333/job/22504202895]
>
> Full logs from working build (reverted to 3.1.0):
> [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230663423/job/22504567422]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
